View Issue Details

ID: 0002512
Project: OXID eShop (all versions)
Category: 4.02. Session handling
View Status: public
Last Update: 2011-07-01 13:44
Reporter: tjungcl
Priority: urgent
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 4.4.6 revision 32697
Target Version:
Fixed in Version: 4.5.1 revision 38045
Summary: 0002512: Session-Loss
Description: When surfing WITHOUT cookies enabled in an oxid-shop, in which the dynamic content cache had been filled before by a user WITH cookies enabled, you lose your session.
Steps To Reproduce:

- open two browsers, A) with cookies disabled, B) with cookies enabled

- use B) to open admin, active caching, delete cache

- use B) to surf around in frontend. Put something into your basket, open categories, article-details, etc.

- now use A) to surf around in the frontend. Put something into your basket and you'll get a forced_sid, alright. Now keep surfing, open a category you visited with B) before, an article - and very soon you'll notice the session-loss.

--> problem seems to be that cookie-surfers leave no SIDs in the cache (which is fine). If a cookieless surfer uses the cache, the links in it still contain no SID. Clicking such a link loses the sid in the url and the session is lost.
You should make sure that when you process the cache and isSidNeeded is true, you add a SID to every link, to only replace old sids.

Tags: No tags attached.
Theme: Both
Browser: All
PHP Version: any
Database Version: any

Relationships

related to 0002939 (resolved, Arunas): usage without cookies impossible
has duplicate 0002447 (closed, birute_meilutyte): Session loss with inactive cookies and active caching

Activities

Arunas

2011-07-01 13:44

reporter   ~0004805

fixed
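
The behaviour the reporter asks for, as an added example (not part of the issue and not OXID eShop's code): when cached HTML is served, drop any SID the cached copy carries and, if the visitor needs one, append that visitor's SID to every shop-internal link, leaving external links untouched so the session id is never sent to another site. The function name, its parameters, the host names and the `sid` URL parameter name are assumptions.

```php
<?php
// Added illustration, not OXID eShop code. All names are hypothetical and the
// URL parameter name "sid" is an assumption.

/**
 * Post-process cached HTML before it is sent to one visitor.
 * Any session id stored in the cached copy is dropped; the visitor's own id
 * is appended to every shop-internal link when $sidNeeded is true.
 * Only double-quoted href attributes of <a> tags are handled.
 */
function addSidToCachedLinks(string $html, string $sid, string $shopHost, bool $sidNeeded): string
{
    $rewrite = function (array $m) use ($sid, $shopHost, $sidNeeded): string {
        $url = html_entity_decode($m[2], ENT_QUOTES);
        $parts = parse_url($url);
        if ($url === '' || $url[0] === '#' || $parts === false) {
            return $m[0];   // empty href, in-page anchor or malformed URL
        }
        if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return $m[0];   // mailto:, javascript:, tel: and similar
        }
        if (isset($parts['host']) && strcasecmp($parts['host'], $shopHost) !== 0) {
            return $m[0];   // external link: never send a session id to another site
        }
        [$base, $fragment] = array_pad(explode('#', $url, 2), 2, null);
        [$path, $query] = array_pad(explode('?', $base, 2), 2, '');
        // Remove whatever sid the cached copy carried.
        $pairs = array_filter(explode('&', $query), function (string $p): bool {
            return $p !== '' && strncmp($p, 'sid=', 4) !== 0;
        });
        if ($sidNeeded) {
            $pairs[] = 'sid=' . rawurlencode($sid);
        }
        $new = $path . ($pairs ? '?' . implode('&', $pairs) : '');
        if ($fragment !== null) {
            $new .= '#' . $fragment;
        }
        return $m[1] . htmlspecialchars($new, ENT_QUOTES) . $m[3];
    };
    return preg_replace_callback('/(<a\b[^>]*?\shref=")([^"]*)(")/i', $rewrite, $html) ?? $html;
}

// Constructed sample: a page cached during a cookie-enabled visit, plus one stale sid.
$cached = '<a href="index.php?cl=details&amp;anid=42">Article</a> '
        . '<a href="index.php?cl=alist&amp;sid=OLDSID#top">Category</a> '
        . '<a href="https://partner.example/out">Partner</a>';
echo addSidToCachedLinks($cached, 'abc123', 'shop.example', true), "\n";
```

Calling the same function with `$sidNeeded` set to false strips the stale `sid` and adds none, which keeps one visitor's session id from being served to another out of the cache.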